Want a quick way to see what GPOs are applied to your local system, just using built-in utilities? Using the GUI to manually view what settings are applied is awkward and slow. Use the following commands to see what policies are being handed down to the system you're on and what they're enforcing. This info can be incredibly handy during a pentest in order to find out the limitations being imposed on a specific system you've compromised.
I’m a huge fan of the Nessus vulnerability scanner. It’s got plug-ins for anything you could ask for, runs great in a Linux environment, and outputs a ton of information (thanks to thousands and thousands of checks). While all that information is a good thing, sometimes you are just looking for specific issues or findings across a network. A quick way I like to strip out interesting information is grepping through the output files for certain Nessus IDs. Here is a quick list of interesting plug-ins:
- 16314 – Lists suspicious and unwanted software.
- 36217 – Detection of the Conficker worm.
- 23938 – Locates Cisco routers with missing / default passwords.
- 38153 – A nice summary of missing Microsoft patches.
- 11936 – Identification details about the machine's OS.
- 10673 – Locates SQL servers with default / blank SA accounts.
- 10396 – Details about SMB shares.
- 23910 – Locates modified HOSTS files – can be an indication of a virus or malware.
To search for these, I usually do a quick grep nessus-id *.nbe and then use cut with custom delimiters to filter out the IP addresses and other pertinent information.
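An added example (not from the original post) of the grep-and-cut step described above: it matches the plug-in ID only in the plug-in ID field, so an ID that merely appears in a description or address is not counted. It assumes the pipe-delimited NBE layout `results|subnet|host|port|plugin_id|severity|description`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Write a small, constructed NBE sample to the path given in $1.
# Assumed layout: results|subnet|host|port|plugin_id|severity|description
write_sample_nbe() {
    cat > "$1" <<'EOF'
timestamps|||scan_start|Mon Jan  1 10:00:00 2010|
results|10.0.0|10.0.0.5|microsoft-ds (445/tcp)|10396|Security Note|Constructed: share listing
results|10.0.0|10.0.0.5|general/tcp|11936|Security Note|Constructed: OS identification
results|10.0.0|10.0.0.7|ms-sql-s (1433/tcp)|10673|Security Hole|Constructed: blank SA password
results|10.0.0|10.0.0.9|http (80/tcp)|99999|Security Note|Constructed: text mentioning 10673
results|10.0.0|10.0.0.7|microsoft-ds (445/tcp)|10396|Security Note|Constructed: share listing
EOF
}

# Print "host<TAB>port" for every result line whose 5th field equals the
# plug-in ID in $1. Remaining arguments are NBE files.
nbe_findings() {
    id=$1; shift
    awk -F'|' -v id="$id" \
        '$1 == "results" && $5 == id { print $3 "\t" $4 }' "$@" | sort -u
}

# Print only the unique host addresses for a plug-in ID.
nbe_hosts() {
    nbe_findings "$@" | cut -f1 | sort -u
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_nbe "$sample"
for plugin in 10396 10673; do
    echo "== plugin $plugin =="
    nbe_findings "$plugin" "$sample"
done
# A plain grep also hits the description on 10.0.0.9, overstating the count.
echo "plain grep lines for 10673: $(grep -c 10673 "$sample")"
rm -f "$sample"
```

Against real scan output, call `nbe_hosts 10673 *.nbe` to get the host list for one plug-in across every file in the directory.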